Configuring Untangle for Xbox Live

Recently I replaced my home router with an Untangle box. Untangle is a Linux server that replaces my home router with an enterprise-grade UTM system. After I had completed setup of my Untangle server, I sat down to relax on my Xbox 360 and was greeted with this message:

Your NAT type is set to Strict (or Moderate).

If you are on a network with this NAT type, you might not be able to join certain games or hear other people while playing online.

Strict / Moderate NAT

Since I wanted the best performance possible for online gaming, I got to work configuring my Untangle box. Since Untangle is more advanced than your standard home router, it requires an extra step or two to configure. The first thing I did was set up my Xbox 360 with a static IP address. While you can set a static IP address on the Xbox itself, I prefer to set it on the router so that I don’t have to worry about reconfiguring the Xbox every time I travel. In Untangle, select the Config tab on the left, and then click on the Networking button. Next, click the DHCP Server button from the menu at the top. On this page, you can add a static IP address for your Xbox.

I’ve chosen the 10.1.1 address range for my home network; however, it is typical to use the 192.168.0 or 192.168.1 address ranges. Use whichever is appropriate for your network.

Now it’s time to let the Untangle server know we want all traffic going to and from the Xbox 360 to bypass the racks. As of this post, there are no known viruses or attacks that could harm the Xbox 360, so it doesn’t make sense to slow the traffic down by scanning it for viruses, etc. From the Config > Networking page that we were just on, you’ll find an Advanced drop-down in the upper right corner. From the drop-down, select Bypass Rules. Add a new Bypass Rule with the following settings.

Lastly, we need to set up our port forwards. These are set up the same way that you would configure any other router for Xbox Live. On the same Config > Networking page, click the Port Forwards button on the top menu. You’ll need to add two new entries with the ports and protocols below. In the Local IP box, specify the same static IP address that you used in the first step, that is, the IP of your Xbox 360.

That’s it; we’re done! If you re-run the connectivity test on your Xbox 360, you should no longer receive a warning about a strict or moderate NAT.

To review, we set up Untangle to give our Xbox the same IP address every time it’s connected to our network. After that, we created a rule that will bypass all traffic bound for the Xbox 360 from the Untangle rack. Lastly, we set up two port forwarding rules which find Xbox Live traffic and forward it to the Xbox 360. If you take gaming seriously, you’ll probably want to increase the priority of your Xbox Live traffic. This can be done in the Advanced > QoS section, but I’ll leave the details of that for another post.

Regarding your bypass rule, why not bypass at the static IP set for your game console? The way I read things (which might be completely off base) your bypass rule removes all inspection for traffic via 3074 regardless of what NAT rules are in place. I can come up with scenarios (perhaps beyond the realm of practicality, but..) where it would benefit you not to remove all inspection carte blanche for a specific rule. If I’m not seeing this clearly, my apologies to all.
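
The scoping question raised in the comment above, as an added example that is not part of the original post and does not reproduce Untangle's own rule engine: a small Python model compares a bypass rule keyed only on UDP port 3074 with one keyed on the console's static IP, and lists which flows would skip inspection without involving the console. The address 10.1.1.50, the rule fields and every flow are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

XBOX_IP = "10.1.1.50"  # constructed static lease in the post's 10.1.1 range

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class BypassRule:
    """Simplified model of a bypass rule; None means 'match anything'."""
    name: str
    host: Optional[str] = None   # CIDR compared against source and destination
    proto: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, flow: Flow) -> bool:
        if self.host is not None:
            net = ip_network(self.host)
            if ip_address(flow.src) not in net and ip_address(flow.dst) not in net:
                return False
        if self.proto is not None and flow.proto != self.proto:
            return False
        return self.dport is None or flow.dport == self.dport

def unintended_bypasses(rule: BypassRule, flows: List[Flow], host: str) -> List[Flow]:
    """Flows that would skip inspection although `host` is not an endpoint."""
    return [f for f in flows if rule.matches(f) and host not in (f.src, f.dst)]

# Constructed flows, addressed as the LAN side sees them.
FLOWS = [
    Flow(XBOX_IP, "203.0.113.10", "udp", 3074),      # console to Xbox Live
    Flow("203.0.113.10", XBOX_IP, "udp", 3074),      # forwarded inbound traffic
    Flow("10.1.1.20", "198.51.100.7", "udp", 3074),  # a laptop on the same port
    Flow("10.1.1.20", "198.51.100.8", "tcp", 443),   # laptop web traffic
    Flow(XBOX_IP, "203.0.113.11", "tcp", 443),       # console store or updates
]
PORT_ONLY = BypassRule("port-only", proto="udp", dport=3074)
HOST_SCOPED = BypassRule("host-scoped", host=XBOX_IP + "/32")

if __name__ == "__main__":
    for rule in (PORT_ONLY, HOST_SCOPED):
        leaked = unintended_bypasses(rule, FLOWS, XBOX_IP)
        print(f"{rule.name}: {len(leaked)} non-console flow(s) uninspected: {leaked}")
```

The host-scoped rule keeps every other device under inspection, but it also exempts all of the console's traffic, including its TCP 443 flow, so the two scopes trade one exposure for another.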